Int. Journal of Business Science and Applied Management, Volume 2, Issue 1, 2007

Research Note:

Representing Identity and Relationships in Information

Systems

Mike Martin

Centre for Software Reliability, Newcastle University,

Newcastle upon Tyne, NE1 7RU, United Kingdom

Tel: +44 (0)191 2227087

Fax: +44 (0)191 2228788

Email: mike-martin@btconnect.com

Abstract

This research note is concerned with how identity and of relationship are represented in information

systems. It presents a real world example of the problems that can arise in the delivery of social care

and explores some thoughts about the application of Peirce’s ideas to respond to these issues in the

context of case management and record systems.

Keywords: identity, relationships, information systems

Int. Journal of Business Science and Applied Management / Business-and-Management.com

1 INTRODUCTION

This research note is concerned with how the concepts of identity and of relationship are

represented in information systems. It is not presented as completed research but as work in progress

and as a provocation to thought and discussion in the formulation of future research directions. It starts

by outlining a particular case which illustrates the problem in a rather extreme form. The purpose is not

to attempt to ask questions about the solution to this case as if it were some sort of computational

puzzle, it is not. The purpose of this example, which is drawn from real life, is as a test for the

expressiveness and the adequacy of the concepts and terms we use to talk about identities and

relationships as they are represented in our systems.

The case concerns an individual called Mary and the problems she faces. The question we must

ask is whether our systems language, with terms such as “Identity Management”, “Provisioning” and

“Data Warehousing”, is adequate to express her problems let alone offer a framework for articulating

some solution, if, indeed, the term “solution” is an appropriate one in the face of the wicked problems

we will explore.

The second part of the paper uses some of the ideas of the American philosopher Charles Sanderes

Peirce as a framework to examine our notions of identity and relationship and how this could have an

impact on how we represent and reason about them in the design of information systems.

There are two broad stances represented in current systems and management literatures on Identity

Management: the enterprise centred approach and the user centred approach. The first is concerned

with protecting the interests of an enterprise and, in this literature, identity management is typically

defined in the following sorts of terms:

Identity management refers to the process of employing emerging technologies to manage

information about the identity of users and control access to company resources. The goal of

identity management is to improve productivity and security while lowering costs associated with

managing users and their identities, attributes, and credentials.

In this approach, information is the wholly owned internal resource of the enterprise which assumes

complete rights over its use. The second stance in the literature is the user centred one in which the

issues of the privacy of the subject are centre stage. In this stance, the concept of identity management

is defined in a different set of terms:

(Privacy-enhancing) identity management … offers a means whereby individuals control the

nature and amount of personal information about them that is disclosed. In particular, to

achieve privacy, individuals can use pseudonyms and determine the degree of linkability

between different occurrences of their data. Through the secure and authenticated use of

pseudonyms, accountability of an individual for his or her actions can be achieved without

giving away personal data.

While the two stances locate the centre of concern and interests differently, in both of them the

relationships within which identities are embedded are ones of supplier - customer or employer –

employee.

There is little or no literature to be cited about the organisational and systems issues of identity in

the contexts of the caring and developmental sectors including social and health care as well as

education. Here, relationships between service providers and service users exhibit different sorts of

symmetries and asymmetries compared with the world of commerce and outcomes my include the co-

production of new identities and the negotiation of new relationships. There are increasing pressures on

public services and the voluntary organisations, which represent a high proportion of the providers in

the caring and developmental sectors, to achieve higher efficiency and effectiveness. This is resulting

in the increased adoption of the information management and communications techniques of the

From http://www.giac.org/certified_professionals/practicals/gsec/2646.php . An Introduction to

Identity Management, Spencer C. Lee. March 11, 2003

2 http://www.jrc.es/home/report/english/articles/vol67/IPT2E676.htm .

Privacy-Enhancing Identity Management, Sebastian Clauß, Andreas Pfitzmann, Dresden

University of Technology, Marit Hansen, Independent Centre for Privacy Protection Schleswig-

Holstein and Els Van Herreweghen, IBM Research Lab Zurich

Mike Martin

commercial sector and there is an assumption that all the concepts and tools required to address issues

of confidentiality and control are available.

In this note I argue that the approach to identity management for the caring and developmental

sectors is not simply a question of finding a balance between the enterprise centred and the user centred

approaches. It requires a deeper understanding of what we mean by identity and relationship and how

we represent them in our information systems.

2 MARY’S STORY

This story involves a large national charity concerned with the interests of children and young

people. In our city, they are commissioned by the Local Authority to manage the Sure-Start Centres

where the parents of babies and toddlers can find support, advice and a range of services. At the time

we are considering, one of these centres was being managed, on a temporary basis, by Mrs. Cannybody

who is not a qualified social worker but who has done both voluntary and contract work for the charity

for many years and is highly experienced.

The same charity also delivers another service in the city. This provides counselling, therapy and

support to children and young people who have suffered sexual abuse or exploitation. Clearly, this is a

specialised service which is not widely publicised to which clients are referred by professional

practitioners.

Finally, our charity also works with the police, probation service, courts and social services of a

town at the other end of the Region in a programme of initiatives to control prostitution which is seen

as a particular local problem.

Mary is 17 years old and is a single mother with a 6 month old baby. She has been attending Sure-

Start but recently, Mrs Cannybody has noticed that she has become withdrawn and unhappy. She

cannot, however, get Mary to discuss her problems and, as a result, is concerned about her well being.

Unbeknown to Mrs Cannybody, or anybody else in Sure-Start, Mary is also attending sessions at

the counselling service because, a year ago, she was relocated into our city by the Prostitution

Response Programme as part of an action to close down a prostitution ring. The pimp who ran this ring

was sent to prison and, in the initiative to support the then pregnant Mary, she was relocated and a

number of services activated to help her rehabilitate herself and build a new life. She made it clear that

she wanted to put her previous experiences behind her and that she was only prepared to discuss them

with her individual councillor at the support service.

Meanwhile, Derek, her erstwhile pimp, has been realised on parole, after serving 12 months, on

condition that he attends one-on-one and group counselling sessions for ex-abusers which are run by

our national charity. While in prison, Derek found the Lord and was born again. He claims to be the

father of Mary’s child and says he wants to do what is right by her and support them both. The

relationship between Derek and his councillor in the local rehabilitation service is not one of

supervision and control but is intended to be therapeutic and supportive.

So, within our single, national charity, we have three professionals or workers. Two of these have

a relationship with Mary while the third has a relationship with Derek, whose records may have an

historical, indirect link to her, for example via the various police records. The question we are faced

with concerns how and where Mary’s identity and her relationships are represented in the case

management, recording and reporting systems of the Charity.

3 RESPONDING TO MARY’S INFORMATION GOVERNANCE INTERESTS

The specific background to asking this question is the growing pressure on the charity to provide

detailed reporting to the commissioners of the services that it delivers about activities, costs and

outcomes. This has led to a proposal by the IT department that what they really need is a “Data

Warehouse” as part of a new “Enterprise Information Architecture”. The potential providers of these

products talk about “single point of truth”, data cleansing and normalisation as key values that they can

offer to address the organisation’s complex information management needs.

Any attempt to approach the professionals engaged with Mary and her baby to elicit use cases,

map processes and define data sets and security policies is simply exacerbating their problems: this

language is simply not adequate for expressing Mary’s concerns and interests or, indeed Derek’s, the

professionals and the organisations involved. Equally, the policy objectives of integrated delivery,

integrated planning and processes and integrated governance may sound laudable and attractive but

Mary needs real and dependable boundaries around her relationships and separation of the information

Int. Journal of Business Science and Applied Management / Business-and-Management.com

that they hold. Mary’s story forces us to reconsider the term “integration” and the assumption that it is

a universal, value where more is always better.

When we are forced to consider situations such as this one, it becomes very clear that, if there is to

be any resolution, then that resolution is one that will be co-constructed by the individuals involved

within the context of the individual cases and relationships. The purpose of the organisational and

systems resources that are deployed around the case is to facilitate this co-construction and to provide

supportive and safe governance mechanisms. The questions we must ask about such systems concern

how they enable the signalling of concern, the assumption, exchange and discharge of responsibility for

care with consent, and the appropriate governance of information in the interests, and under the control,

of the parties concerned.

Putting this in the more concrete terms of Mary’s case: how could Mrs Cannybody signal her

concerns in ways that respect Mary’s choices? How can Mary’s councillor respond and engage Mary in

that response? How can the three domains of information remain distinct and separate until and unless

individuals with the appropriate rights and responsibilities perform explicit acts of relationship

management which connect things together and how, finally, can these acts of identity and relationship

management be made auditable, accountable and governable?

4 THE CONCEPT OF IDENTITY

Before we can begin to consider these difficult questions, we must first establish some

groundwork of concepts and meanings. This is ontology in the deeper, philosophical sense, not in the

rather superficial sense of the data modeller.

As human individuals we all share an innate sense of self. We each uniquely experience what it is

like to have our own thoughts and feelings and also to experience the continuity of individuality

through out our lives. This concept of identity and individuality corresponds to what Peirce calls a

“First” or monadic concept. The “I” that is delineated is purely self referential and needs no reference

to anything else. There are few instances of monadic concepts that we use in everyday life and they

seem strange. Much more familiar is the dyadic concept of identity. In this way of framing the issue, I

am the collection of attributes that I exhibit to the world and through which I can be recognised. So, I

am the individual with a particular date and place of birth, with a gender, parentage, etc. I exhibit a

particular demography and any particular collection of information items from this set of items may be

adequate to uniquely identify me from within some wider group.

In addition to my demography there is also a set of biometric data which is associated with my

physical presence: photographs, thumb prints, retinal scans and genetic maps are examples of this sort

of identifying information. Finally there is my signature which is performative data which is associated

with, but not necessarily unique to, me. (A forger could practice and make perfect.) This concept of

identity – what Peirce calls a “Second” - is two items which, through their relationship or association,

form a concept. It is the association of the data with the individual which constitutes this notion of

identity. When this data is put into an information system, and clearly, I, the individual, remain in the

world outside of that system, we face an interesting set of challenges. Who, for example, owns that

system? What is its purpose and what is my relationship with both of these? The ownership of the

system that contains this data represents a relationship of potential power and control and, as a result, I,

as the subject, have a stake and an interest to protect. It is this concept of identity that is the basis of the

two approaches to identity management mentioned at the beginning of this paper.

Unfortunately, the propensity to confuse the data in the system with the realities that it refers to

outside of the system is a strong one and there is a rather pervasive attitude in technological and

management domains to rely on technical and organisational means and to attribute ultimate value to

the information in the system referring to it, for example, as the “single point of truth”. But even in the

case of a banking system, for example, where the figure in the account does represent the account

holder’s balance as far as the bank is concerned, we are still left with questions as to whether the string

of transactions that have resulted in this figure were executed by the individuals that the system has

taken to be their authors. Anyone who has experienced impersonation and fraud will know that the

concept of truth is relative here and we need to ask the question “whose truth?”

Arguments like this, and there are many of them, lead to the conclusion that the dyadic notion of

identity, whilst it does a job in the world of information systems, is not an adequate one in many

circumstances. Certainly when we remember Mary’s story, we can see that, even though there is only

one individual, Mary, the information system(s) which support the delivery of services to her can not

afford to take the process of interpreting identity attributes and recognising Mary away from the

contexts of the particular relationships within which that recognition is taking place. In Peircian terms,

this is making identity triadic. An identity is the three way linkage between the means (information) by

Mike Martin

which a recogniser (person, institution, agency) recognises an individual (person). The purpose of the

recognition is to maintain and make use of a shared history, i.e. it is to support a relationship.

In terms of our information systems, this has an important consequence. We understand the

concept of identity management with its associated registration and authentication services. We also

understand the concepts of relationship management with its case and index support services by which

the records associated with different relationships can be combined. Mary’s story, as an example of the

most difficult and challenging use case, shows that these two sets of systems functions and associated

responsibilities cannot be divorced from each other and made separate, independent. Acts of identity

management where, for example, a registrar creates and records an identity for an individual and, as a

result, the possibility for a set of persistent records is generated and maintained, cannot be assumed also

to be acts of relationship management where those records are automatically correlated with others.

Creating connections between records are acts which are distinct from those of creating records

themselves and must be explicitly accounted for, audited and governed.

In this light, the automation of identity correlation, known as data cleansing, is a particularly

significant process requiring the highest level of scrutiny and governance. The technologies and

approaches that have been developed to support the process of rationalising insurance and savings

account business for banks, are not necessarily appropriate for addressing the information needs of our

national charity.

Further, notions of role based access to information does not adequately encompass all of the

concerns and issues that are relevant. Cases such as Mary’s demonstrate that it is not simply who I am

and what my role is that governs my rights to see information about some individual but, in addition,

my specific relationship with the subject of that information and the contexts of my activities within

that relationship need to be taken into account. For example I may be involved in an ongoing case that

is governed by the established consents and a current information sharing protocol or I might be

declaring an emergency which will need to be accounted for at some future date in the context of the

auditing and governance of my practice. Alternatively, I might, like Mrs Cannybody, be exploring a

concern by publishing a query to anyone who has a relationship with the individual she knows as Mary,

on the understanding that Mary may have relationships which she wants to maintain quite separately

from the one Mrs Cannybody has with her. What the recipients of this narrowcast and specific

“publication” do about it is up to them and Mary and Mrs. Cannybody may or may not get a direct

answer. She must look to her experience, recommended practice and her relationship with Mary to

formulate her next moves.

5 SOME IMPLICATIONS

These thoughts about how we deal with identity and relationships in our information systems have

some important implications on method and on language. The continued development of both the

power and the pervasiveness of information systems has resulted in the situation that many aspects of

our lives, development and well being are becoming dependent on how they, the information systems,

are constructed and operated. Bateson defines information as “news of a difference that makes a

difference” and, increasingly, it is information in systems, rather than in the real world, that is making

the key differences in peoples lives. These developments cannot be halted. What does perhaps need to

change is the language we use when we plan, develop, deploy and govern them and the range of

individuals who have a voice in these processes.